Happy new year to all the amazing members and friends in the IAPP Asia-Pacific community. 2025 marks the 25th anniversary of the IAPP and will surely be another terrific year for us all as we continue to work together to define, promote and improve the professions of privacy, AI governance and digital responsibility in our organizations and jurisdictions.
Despite the holidays, there has been plenty of regulatory activity across the region in recent months. This past week, India released draft Digital Personal Data Protection rules following the 2024 passage of its Digital Personal Data Protection Act. Here in Australia, we saw the passage of two important pieces of regulatory legislation — the Privacy and Other Legislation Amendment Bill and the Cyber Security Act. Amendments were also made to the Security of Critical Infrastructure Act 2018, the Intelligence Services Act 2001 and the Freedom of Information Act 1982.
These new and updated laws will come into effect over a period of time and, as this plays out, we will be supporting a comprehensive program of content and community interaction to ensure members can discuss, debate and learn from each other on the practical operational impacts they will have.
While many enjoyed some downtime over the December holiday period, the Office of the Australian Information Commissioner also shared some significant announcements. The OAIC said it will receive AUD5 million from 2024-28 and AUD1.1 million per year from 2028-29 to regulate the privacy safeguards within in the Online Safety Amendment (Social Media Minimum Age) Act 2024 "that introduces a minimum age to access social media and provide guidance to social media companies and users outlining the new obligations under the Online Safety Act 2021."
It will also receive AUD3 million from 2024-27 to develop a Children's Online Privacy Code "to provide a safe environment for children, particularly when using digital platforms, as part of a first tranche of reforms to the Privacy Act 1988."
The OAIC also announced a landmark AUD50 million settlement with Meta related to the Cambridge Analytica incident. The agreement is part of an enforceable undertaking received from Meta to settle Federal Court civil penalty proceedings launched by the OAIC in March 2020.
Privacy Commissioner Carly Kind said, “We remain committed to applying our powers under the Privacy Act to achieve proportionate outcomes to ensure that Australians' privacy is protected, particularly with respect to technologies that have a high privacy impact. This groundbreaking outcome reflects the significant concerns of the Australian community.”
In line with Kind's sentiments, the OAIC appointed two new members to its leadership team to oversee case management, enforcement and investigations. Ashleigh McDonald, appointed executive general manager, information rights, and Rowena Park, appointed executive general manager, regulatory action, will both join the office in February. We look forward to welcoming both to the IAPP in the future.
Adam Ford is the managing director, Australia, New Zealand, for the IAPP.
This article appeared in the Asia-Pacific Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.